odd config behaviour

Damien Miller djm at mindrot.org
Sat Mar 5 23:02:11 AEDT 2022


On Sat, 5 Mar 2022, Brian Candler wrote:

> One thing that could be clarified in sshd_config(5):
> 
> > the keywords on the following lines override those
> > set in the global section of the config file, until either another
> > .Cm Match
> > line or the end of the file.
> 
> If you have a Match block inside an Included file, does "end of the file" mean
> the end of that included file, or the end of the top-level config file?

Match in an Include should terminate at the end of the file and not
affect the one that included it. IIRC there have been some bugs in that
ares.

Maybe something like this?

diff --git a/sshd_config.5 b/sshd_config.5
index 48e9893..b3ea696 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -834,6 +834,11 @@ directive may appear inside a
 .Cm Match
 block
 to perform conditional inclusion.
+.Cm Match
+blocks inside a file
+included via
+.Cm Include
+are terminated at the end of the included file.
 .It Cm IPQoS
 Specifies the IPv4 type-of-service or DSCP class for the connection.
 Accepted values are

-d


More information about the openssh-unix-dev mailing list